Hello,
I've been struggling with this for couple of days now. All I want to do is
to enable SSL protocol on the webserver.
I want to be able to generate and sign my own certificates. I used various
tools to do that, such as makecert.exe from .NET SDK and even downloaded
OpenSSL and generated certificates using that.
I installed my own certificates on IIS, but SSL simply wont work with any of
mine certificates. I get an error in server's event log: "SSL server
credential's certificate does not have a private key".
If anyone successfully accomplished what I am trying to do, Please respond.
Any links or suggestions? Please help!
Thank you 5 1331
Lenn,
If you are going to generate your own certificates, then I believe you
have to install the certificate on the client machine to get SSL to work.
Have you tried that?
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com
"Lenn" <Le**@discussions.microsoft.com> wrote in message
news:7D**********************************@microsof t.com... Hello,
I've been struggling with this for couple of days now. All I want to do is to enable SSL protocol on the webserver. I want to be able to generate and sign my own certificates. I used various tools to do that, such as makecert.exe from .NET SDK and even downloaded OpenSSL and generated certificates using that. I installed my own certificates on IIS, but SSL simply wont work with any of mine certificates. I get an error in server's event log: "SSL server credential's certificate does not have a private key". If anyone successfully accomplished what I am trying to do, Please respond. Any links or suggestions? Please help!
Thank you
Lenn wrote: I've been struggling with this for couple of days now. All I want to do is to enable SSL protocol on the webserver. I want to be able to generate and sign my own certificates. I used various tools to do that, such as makecert.exe from .NET SDK and even downloaded OpenSSL and generated certificates using that. I installed my own certificates on IIS, but SSL simply wont work with any of mine certificates. I get an error in server's event log: "SSL server credential's certificate does not have a private key". If anyone successfully accomplished what I am trying to do, Please respond. Any links or suggestions? Please help!
Hello,
It sounds like you're installing the cert without creating / importing the
private key in IIS. Have you followed the CSR wizard in IIS to generate a
key pair and the CSR to either send to a CA or sign yourself? Make sure you
use the 'Create a new certificate' option in the SSL IIS wizard and you can
create a test 3 month cert from IPSCA to make sure it works OK: http://certs.ipsca.com/
Thank you all.
Yes, I installed certificate on the client and server, doesn't make a
difference.
Leon, Wizard in IIS offers 2 options; 1. Create Certificate request to be
processed by CA. 2. Assign excisting cert.
I chose option 2.
What I've done is 1. Generate new cert using makecert.exe, 2. Import cert to
the server Cert Personal Store through Certificate Mangment Console. 3.
Install new cert on IIS though their wizard.
Have you done this before, could you please list steps you followed.
Lenn wrote: Leon, Wizard in IIS offers 2 options; 1. Create Certificate request to be processed by CA. 2. Assign excisting cert. I chose option 2. What I've done is 1. Generate new cert using makecert.exe, 2. Import cert to the server Cert Personal Store through Certificate Mangment Console. 3. Install new cert on IIS though their wizard. Have you done this before, could you please list steps you followed.
I usually get IIS to create a new cert and a CSR and then send the CSR to
either a certification authority or use Microsoft Certificate Services to
sign the request and then process the cert.
See http://support.microsoft.com/kb/299525/EN-US/ for details about using
certificate services to sign your own cert, or use a CA that will sign a
test cert for you for free, such as IPSCA (as mentioned before) or Thawte: http://www.thawte.com/ucgi/gothawte....00158767049000
Thanks. I usually get IIS to create a new cert and a CSR and then send the CSR to either a certification authority or use Microsoft Certificate Services to sign the request and then process the cert.
This links explains in details how to do the same with openSSL, so you can
be your own CA which exactly what I wanted to do. http://www.dylanbeattie.net/docs/ope...ssl_howto.html
It worked for me, now I need to figure how to programaticlly pass client
certificate to the server.
"Leon Mayne [MVP]" wrote:
Lenn wrote: Leon, Wizard in IIS offers 2 options; 1. Create Certificate request to be processed by CA. 2. Assign excisting cert. I chose option 2. What I've done is 1. Generate new cert using makecert.exe, 2. Import cert to the server Cert Personal Store through Certificate Mangment Console. 3. Install new cert on IIS though their wizard. Have you done this before, could you please list steps you followed.
I usually get IIS to create a new cert and a CSR and then send the CSR to either a certification authority or use Microsoft Certificate Services to sign the request and then process the cert.
See http://support.microsoft.com/kb/299525/EN-US/ for details about using certificate services to sign your own cert, or use a CA that will sign a test cert for you for free, such as IPSCA (as mentioned before) or Thawte: http://www.thawte.com/ucgi/gothawte....00158767049000 This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: User1001 |
last post by:
I have been trying to enable/use specific OpenSSL extensions that I use in
generating certificates manually, via PHP5 + php5-openssl
module/extension.
Filling out the "configargs" array with...
|
by: Lenn |
last post by:
Hello,
I've been struggling with this for couple of days now. All I want to do is
to enable SSL protocol on the webserver.
I want to be able to generate and sign my own certificates. I used...
|
by: Lenn |
last post by:
Hello,
I've been struggling with this for couple of days now. All I want to do is
to enable SSL protocol on the webserver.
I want to be able to generate and sign my own certificates. I used...
|
by: jens Jensen |
last post by:
Hello,
I was given the task to build a .Net client that will talk to IBM
integration server via HTTP post.
The idea is that each http packet exchange should be authenticated via X09
"client...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |